A recently reported attack targeting Intel processors uses CPU voltage changes to reveal data stored with Intel Software Guard Extensions (SGX).
A group of researchers from University of Birmingham, UK; Graz University of Technology, Austria; and the imec-DistriNet Research Group of KU Leuven, Belgium, discovered the attack, known as the “Plundervolt” and followed as the “CVE-2019-1157” and initially reported to Intel six months ago.
The chip maker has already released firmware updates to fix the flaw and says that it doesn’t know the bug is being used in live attacks. Nonetheless, all users can download security updates.
“Once SGX is activated on a device, the privileged user may be capable of attacking the privacy and credibility of the computer resources by manipulating the CPU voltage settings. Intel has built a microcode update with device vendors to alleviate the problem by locking voltage to default settings, “Intel explains.
Security researchers demonstrate in a whitepaper that the attack is possible because the CPU frequency and voltage are designed to work as a pair based on the current load. This would lead to errors if the voltage is changed when the processor runs at a specific frequency.
An adversary who already has high privileges on a system uses special software as part of the Plundervolt attack to abuse the Intel Core voltage scaling interface and corrupt the integrity of SGX enclave calculations.
Through inserting predictable errors in the processor package during enclave computations, scientists have been able to retrieve keys from cryptographic algorithms and even trigger memorandum-free enclave code vulnerabilities.
Modern processors, according to the authors, bring specific optimizations to ensure low energy consumption. The clock frequency and supply voltage are therefore kept to a minimum and scaled only if necessary. Moreover, only the privileged device code is exposed to dynamic voltage and frequency scaling functions.
What the researchers discovered was that the computation could cause faulty multiplications in a SGX enclave. Next, the researchers have shown that they can subvert real uses and leak secrets from enclaves.
The scientists were able to apply the technique to insert errors into the main derivative instructions at the hardware level of Intel SGX that could allow details about the key long-term material of the processor to be revealed, although it should not be subject to code.
Plundervolt can also be exploited in particular situations, as the compilers frequently rely on accurate multiplication results for pointer arithmetic and the storage allocation sizes, to cause memory safety misconduct.
“Our current findings show that the Plundervolt attack affects all Intel Core processors SGX-enabled from Skylake onward. The researchers, who have published video demonstrations on the attack as well, have also experimentally confirmed the existence of the undervolting interface for pre-SGX Intel Core processors.
Intel confirmed that the vulnerability affects families Intel 6th, 7th, 8th, 9th and 10th generation core processors and Intel Xeon Processor E3 v5 and V6 and the E-2100 and E-2200 Intel Xeon Processor and published a large list of products affected.
Intel recommends that users of the above mentioned Intel Processors update their system manufacturer’s latest version of BIOS which addresses these issues,’ the chip maker notes.